MozillaFirefox/MozillaFirefox.changes
branch firefox48
changeset 929 9fc2ebe6d7f1
parent 928 4663386a04de
child 930 fdfd88b0c2d7
--- a/MozillaFirefox/MozillaFirefox.changes	Mon Sep 19 21:47:49 2016 +0200
+++ b/MozillaFirefox/MozillaFirefox.changes	Fri Sep 23 13:20:08 2016 +0200
@@ -1,4 +1,57 @@
 -------------------------------------------------------------------
+Tue Sep 20 07:09:52 UTC 2016 - wr@rosenauer.org
+
+- update to Firefox 49.0 (boo#999701)
+  new features
+  * Updated Firefox Login Manager to allow HTTPS pages to use saved
+    HTTP logins.
+  * Added features to Reader Mode that make it easier on the eyes and
+    the ears
+  * Improved video performance for users on systems that support
+    SSE3 without hardware acceleration
+  * Added context menu controls to HTML5 audio and video that let users
+    loops files or play files at 1.25x speed
+  * Improvements in about:memory reports for tracking font memory usage
+  security related
+  * MFSA 2016-85
+    CVE-2016-2827 (bmo#1289085) - Out-of-bounds read in
+    mozilla::net::IsValidReferrerPolicy
+    CVE-2016-5270 (bmo#1291016) - Heap-buffer-overflow in
+    nsCaseTransformTextRunFactory::TransformString
+    CVE-2016-5271 (bmo#1288946) - Out-of-bounds read in
+    PropertyProvider::GetSpacingInternal
+    CVE-2016-5272 (bmo#1297934) - Bad cast in nsImageGeometryMixin
+    CVE-2016-5273 (bmo#1280387) - crash in
+    mozilla::a11y::HyperTextAccessible::GetChildOffset
+    CVE-2016-5276 (bmo#1287721) - Heap-use-after-free in
+    mozilla::a11y::DocAccessible::ProcessInvalidationList
+    CVE-2016-5274 (bmo#1282076) - use-after-free in
+    nsFrameManager::CaptureFrameState
+    CVE-2016-5277 (bmo#1291665) - Heap-use-after-free in nsRefreshDriver::Tick
+    CVE-2016-5275 (bmo#1287316) - global-buffer-overflow in
+    mozilla::gfx::FilterSupport::ComputeSourceNeededRegions
+    CVE-2016-5278 (bmo#1294677) - Heap-buffer-overflow in
+    nsBMPEncoder::AddImageFrame
+    CVE-2016-5279 (bmo#1249522) - Full local path of files is available
+    to web pages after drag and drop
+    CVE-2016-5280 (bmo#1289970) - Use-after-free in
+    mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
+    CVE-2016-5281 (bmo#1284690) - use-after-free in DOMSVGLength
+    CVE-2016-5282 (bmo#932335) - Don't allow content to request favicons
+    from non-whitelisted schemes
+    CVE-2016-5283 (bmo#928187) - <iframe src> fragment timing attack can
+    reveal cross-origin data
+    CVE-2016-5284 (bmo#1303127) - Add-on update site certificate pin expiration
+    CVE-2016-5256 - Memory safety bugs fixed in Firefox 49
+    CVE-2016-5257 - Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
+- removed obsolete patches:
+  * mozilla-aarch64-48bit-va.patch
+  * mozilla-exclude-nametablecpp.patch
+  * mozilla-old_configure-bmo1282843.patch
+- added patch mozilla-skia-overflow.patch (bmo#1304114)
+- requires NSS 3.25
+
+-------------------------------------------------------------------
 Tue Aug 30 20:25:38 UTC 2016 - astieger@suse.com
 
 - Mozilla Firefox 48.0.2:
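Review bot: The line "added patch mozilla-skia-overflow.patch (bmo#1304114)" near the end of the new entry sits outside the "security related" list and carries only a bug number, so a reader auditing this package from the changelog cannot tell whether it is a security fix. If it is, say so on that line or list it under the security section; if it is not, add a short description of what it fixes. Two smaller points in the same entry: "loops files" in the context-menu feature line should read "loop files", and the CVE list is out of numerical order (CVE-2016-5276 before CVE-2016-5274, CVE-2016-5277 before CVE-2016-5275), which makes it harder to cross-check against MFSA 2016-85. The "requires NSS 3.25" line implies a matching dependency bump in the spec file, which is not visible in this hunk and should be part of the same changeset.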